Shared configuration for AI Services
Update the custom resource YAML file to provide the shared configuration values for your IBM Content Cortex AI Services deployment.
| Parameters | Description | Default or example values | Required |
|---|---|---|---|
| license.accept | Specifies whether you accept the license terms for the AI Services deployment. The valid value is true. |
true | Yes |
| sc_deployment_context | Specifies the deployment context for AI Services. No update is required for this value. | FNCM | No |
| sc_ccx_license_model | Specifies the license model for the product that you install. Valid values include CCx.Ess.AU, CCx.Ess.EP, CCx.EE, CCx.AR, CCx.PR, CCx.ER, CP4BA.NonProd, CP4BA.Prod, and CP4BA.User. |
<Required> | Yes |
| image_pull_secrets | Specifies the image pull secret that all AI Services components use to pull images from the registry. | ibm-entitlement-key | Yes |
| sc_image_repository | Specifies the shared container image repository for all AI Services components. | cp.icr.io | Yes |
| root_ca_secret | Specifies the secret that signs internal certificates for AI Services internal service communication. | ai-services-root-ca | No |
| sc_deployment_profile_size | Specifies the deployment profile size for AI Services. | small | No |
| sc_hugepages.enabled | Specifies whether HugePages are enabled for applicable deployment resources. | false | No |
| sc_hugepages.type | Specifies the HugePages type, such as hugepages-2Mi or hugepages-1Gi, when HugePages are enabled. |
"" | No |
| sc_hugepages.value | Specifies the HugePages size value that is appropriate for your cluster when HugePages are enabled. | "" | No |
| sc_redis_enable | Specifies whether Redis is deployed. When this value is false, file storage and persistent volume claims are used instead. |
false | No |
| external_tls_certificate_secret | Specifies the shared custom TLS secret that signs all external routes. If this value is not defined, root_ca_secret is used. |
"" | No |
| sc_run_as_user | Specifies the numeric user ID for the pod security context. This parameter is optional for non-OCP platforms and is not supported on OCP and ROKS. | Blank | No |
| sc_fs_group | Specifies the numeric group ID for the pod security context. This parameter is optional for non-OCP platforms and is not supported on OCP and ROKS. | Blank | No |
| sc_seccomp_profile.type | Specifies the seccomp profile type. Valid values are RuntimeDefault, Localhost, and Unconfined. |
Blank | No |
| sc_seccomp_profile.localhost_profile | Specifies the local path of the custom seccomp profile when type is set to Localhost. |
Blank | No |
| sc_configmap_name | Specifies the ConfigMap name that contains configuration for AI Services components. | ibm-ai-services-integration-config | No |
| sc_enable_instana_metric_collection | Specifies whether Instana metric collection is enabled for AI Services. | false | No |
| sc_generate_sample_network_policies | Specifies whether sample network policy templates are generated for AI Services components. | false | No |
| sc_vault_configuration.enable_external_secret_store | Specifies whether integration with an external secret store, such as HashiCorp Vault, is enabled. | false | No |
| sc_ingress_tls_secret_name | Specifies the TLS secret name for the ingress controller on ROKS. | <Required> | No |
| sc_deployment_hostname_suffix | Specifies the hostname suffix for OCP or the hostname for CNCF ingress creation. | {{ meta.namespace }}.<router-canonical-hostname> |
No |
| sc_ingress_annotations | Specifies custom annotations for ingress resources. | kubernetes.io/ingress.class: nginx |
No |
| trusted_certificate_list | Specifies the list of trusted certificates that are added to the component truststore when external services are not signed by the operator root CA. | [] | No |
| storage_configuration.sc_slow_file_storage_classname | Specifies the storage class name for the file storage provisioner. | <Required> | Yes |
| storage_configuration.sc_block_storage_classname | Specifies the block storage class name. This value is required only when sc_redis_enable is set to true. |
<Optional> | No |
| sc_service_ip_family_policy | Specifies the Kubernetes service ipFamilyPolicy value for dual-stack clusters. Valid values are PreferDualStack and RequireDualStack. |
"" | No |
| sc_is_multiple_az | Specifies whether pods are spread across multiple availability zones. | true | No |
| sc_enable_pdb | Specifies whether Pod Disruption Budgets are enabled across all AI Services components. | true | No |
| show_sensitive_logs | Specifies whether sensitive values can appear in logs. Enable this setting only for troubleshooting in secure environments. | false | No |